Class Action Filed Over Scottrade Data Breach

SAN DIEGO (CN) – A federal class action seeks at least $5 million for an estimated 4.6 million Scottrade account holders whose account information hackers recently stole.

Scottrade client Stephen Hine says in a federal complaint filed last week that he thought Scottrade would protect brokerage account holders’ personal information. Instead, the company violated its privacy policy and agreements with its clients, he says.

Scottrade was “negligent in failing to exercise reasonable security precautions, [and] failing to comply with industry standards for storing confidential and private personal information,” Hine says in the 38-page complaint.

“Despite prior warnings, including prior incursions of their network by third parties who conducted fraudulent stock trades using Scottrade’s customers’ accounts” and fines by federal regulators over Scottrade’s security procedures, the brokerage did not take necessary precautions to protect clients’ account information, Hine says.

When Scottrade got around to sending email notifications to affected clients, Hine says the “notification was woefully inadequate and vague, given the threat that currently exists concerning the potential use of their private information in stock scams, other financial frauds, and its sale on the black market.”

To open a Scottrade account, Hine says clients must provide personal and confidential information including names, phone numbers, Social Security and tax identification numbers, work history, and other sensitive information.
But from late 2013 into early 2014, Hine says, hackers targeted Scottrade with a sustained attack that compromised the information of the brokerage’s 4.6 million clients via a “massive data breach” caused by a “criminal act.”

The hackers accessed and stole clients’ retirement, brokerage and college savings, personal bank accounts, and other personal and financial information, and Scottrade did not learn about it until federal investigators looking into cybersecurity crimes informed the company of the data breach, according to the complaint.

News media reported and Scottrade confirmed the data breach Friday, and Hine says Scottrade began notifying affected clients but admitted it might never know the full extent of the data theft and exactly who is affected.

Brian Krebs of “Krebs On Security” published an article Friday about an email Scottrade sent to its clients announcing the data breach and saying a list of client names and their street addresses was stolen by hackers who primarily were looking for client contact information but also obtained Social Security numbers, email addresses and other information, the complaint says.

In the email notifying clients of the data breach, Hine says Scottrade did not explain how it happened and placed the burden of protecting private information on clients, while offering a year of free credit monitoring and identity theft insurance for affected clients.

The class seeks at least $5 million in restitution and damages, including punitive damages for breach of fiduciary duty, concealment, negligence, and violations of California’s Customer Records Act and unfair competition law.

Missouri-based Scottrade is a privately owned discount retail brokerage firm that became popular during the 1990s with its flat fee of $7 per online trade. The company provides brokerage and financial services for its clients online and through 503 branch offices located throughout the United States.

Neither class attorney Timothy D. Cohelan of Cohelan Khoury & Singer nor Scottrade officials were immediately available for comment.